sesame
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from the official NPM registry. This is the standard tool provided by the vendor (membranedev) to interact with their service. - [COMMAND_EXECUTION]: The skill uses local shell commands (
membrane login,membrane connect,membrane action run) to manage the integration. These commands are scoped to the functionality of the Membrane platform. - [CREDENTIALS_UNSAFE]: No hardcoded credentials or unsafe secret handling practices were found. The instructions explicitly advise against asking users for API keys, instead using a server-side OAuth flow managed by the platform.
- [INDIRECT_PROMPT_INJECTION]: The skill features a search capability (
membrane action list --intent "QUERY") that processes natural language strings. While this is an ingestion point for untrusted data, it is a standard search interface within a closed vendor ecosystem and poses low risk.
Audit Metadata